From 41737ef9cd5f047a381d69ffdb99a17dac83444f Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Thu, 30 Jul 2020 14:24:58 +0200
Subject: [PATCH] hashers: fix drupal password hasher (#45576)
---
 src/authentic2/hashers.py | 12 ++++++------
 tests/test_hashers.py | 10 ++++++++++
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/authentic2/hashers.py b/src/authentic2/hashers.py
index b3dfe3e3..14b80c34 100644
--- a/src/authentic2/hashers.py
+++ b/src/authentic2/hashers.py
@@ -47,17 +47,17 @@ class Drupal7PasswordHasher(hashers.BasePasswordHasher):
 count = len(v)
 i = 0
 while i < count:
- value = ord(v[i])
+ value = v[i]
 i += 1
 out += self.i64toa(value & 0x3f)
 if i < count:
- value |= ord(v[i]) << 8
+ value |= v[i] << 8
 out += self.i64toa((value >> 6) & 0x3f)
 if i == count:
 break
 i += 1
 if i < count:
- value |= ord(v[i]) << 16
+ value |= v[i] << 16
 out += self.i64toa((value >> 12) & 0x3f)
 if i == count:
 break
@@ -74,14 +74,14 @@ class Drupal7PasswordHasher(hashers.BasePasswordHasher):
 def to_drupal(self, encoded):
 algo, count, salt, h = encoded.split('$', 3)
- count = self.atoi64(math.ceil(math.log(count, 2)))
+ count = self.i64toa(math.ceil(math.log(int(count), 2)))
 return '$S$%s%s%s' % (count, salt, h)
 def encode(self, password, salt, iterations):
 assert password
 assert salt and '$' not in salt
- h = force_bytes(salt)
- password = force_bytes(password)
+ h = salt.encode()
+ password = password.encode()
 for i in range(iterations + 1):
 h = self.digest(h + password).digest()
 return "%s$%d$%s$%s" % (self.algorithm, iterations, salt, self.b64encode(h)[:43])
diff --git a/tests/test_hashers.py b/tests/test_hashers.py
index 0886062b..0223a585 100644
--- a/tests/test_hashers.py
+++ b/tests/test_hashers.py
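Review bot: The three rewritten lines in the encoding loop (`value = v[i]`, `value |= v[i] << 8`, `value |= v[i] << 16`) are only correct when `v` is a `bytes` object, and nothing visible in the hunk states or enforces that. With a `str` argument `v[i]` is a one-character string, so the following `value & 0x3f` raises `TypeError` instead of producing a digest character. The function's signature is above this hunk (presumably `b64encode`, which `encode` calls on a digest); I would record the contract there with a comment such as `# v must be bytes: indexing yields ints on Python 3, so ord() is not needed`.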
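Review bot: In `to_drupal`, `math.ceil(math.log(int(count), 2))` derives the Drupal cost character from a floating-point quotient, which is not guaranteed to be exact even when `count` is a power of two; a result a hair above the integer makes `ceil` round up and emit a cost character one step too high, so the exported hash would no longer verify. The same `ceil` silently rounds a non-power-of-two iteration count up, again describing more rounds than `encode` actually ran. Integer arithmetic avoids both: `n = int(count)`, raise `ValueError` when `n <= 0 or n & (n - 1)`, then `count = self.i64toa(n.bit_length() - 1)`. Separately, `salt.encode()` and `password.encode()` in `encode` raise `AttributeError` when a caller passes bytes, which the removed `force_bytes` accepted, so it is worth confirming that no caller does.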
@@ -53,3 +53,13 @@ def test_plone_hasher():
 assert hasher.verify(
 'Azerty!123',
 'plonesha1${SSHA}vS4g4MtzJyAjvhyW7vsrgjpJ6lDCU+Y42a6p')
+
+
+def test_drupal_hasher():
+ hasher = hashers.Drupal7PasswordHasher()
+ encoded = '$S$Dynle.OzZaDw.KtHA3F81KvwnKFkFI3YPxe/q9ksun7HjrpEDy6N'
+ pwd = 'Azerty!123'
+ dj_encoded = hasher.from_drupal(encoded)
+
+ assert hasher.verify(pwd, dj_encoded)
+ assert hasher.to_drupal(dj_encoded) == encoded
-- 2.20.1
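Review bot: `test_drupal_hasher` asserts only the accepting path, so a `verify` that returned True for any input would still pass; for a password hasher the rejecting path needs an assertion as well, for example `assert not hasher.verify(pwd + 'x', dj_encoded)`. The single fixture also carries one cost character (`D`), so the `to_drupal` round-trip exercises the iteration-count conversion for one value only. A second fixture generated by a real Drupal install with a different cost would make the count handling in `to_drupal` and `from_drupal` much harder to break unnoticed.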